Login

Foxit Reader Firefox Plugin URL File Name RCE

High Nessus Plugin ID 64094

Synopsis

A PDF viewer installed on the remote host is affected by a remote code execution vulnerability.

Description

According to its version, the Foxit Reader installed on the remote Windows host is affected by an boundary error related to the Firefox plugin (npFoxitReaderPlugin.dll) due to improper processing of user-supplied input when handing an overly long file name in a URL query string. An unauthenticated, remote attacker can exploit this, via a crafted URL, to trigger a stack-based buffer overflow, resulting in a denial of service or the execution of arbitrary code.